CVE-2021-25468: Input Validation
First published: Wed Oct 06 2021(Updated: )
A possible guessing and confirming a byte memory vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows attackers to read arbitrary memory address.
Credit: mobile.security@samsung.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Android | =10.0 | |
| Google Android | =11.0 | |
| Samsung Exynos |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-25468.
What is the title of this vulnerability?
The title of this vulnerability is 'A possible guessing and confirming a byte memory vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1.'
What is the severity of CVE-2021-25468?
The severity of CVE-2021-25468 is medium, with a CVSS score of 4.4.
How does CVE-2021-25468 affect Android devices?
CVE-2021-25468 affects Android devices running version 10.0 and 11.0.
How can attackers exploit CVE-2021-25468?
Attackers can exploit CVE-2021-25468 to read arbitrary memory addresses.
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- vendor/google
- canonical/google android
- version/google android/10.0
- version/google android/11.0
- vendor/samsung
- canonical/samsung exynos